WRITEUP

WRITEUP
Exploit for CVE-2024-5135 - PHPGurukul Directory Management System 1.0 - SQL Injection
AI Analysis

This writeup details an unauthenticated SQL injection vulnerability in the Directory Management System via the 'username' parameter. It includes a proof of concept using sqlmap to exploit the vulnerability and dump the database, along with technical details about the payloads and database identification.

Attack Type
SQLi
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1189 - Drive-by Compromise T1505 - Server Software Component
Loading exploit code...
Download ZIP Password: eip
Source
Platform Writeup
Type poc
Files 2
Authors
Burak Sevben
Vulnerability
CVE-2024-5135
PHPGurukul Directory Management System 1.0 - SQL Injection
HIGH
CVSS 7.3